<![CDATA[[SecurityRatty] tag: cobb]]> http://securityratty.com/tag/cobb Mon, 18 Feb 2008 12:23:38 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[The Continuing .Gov Blackat SEO Campaign]]> http://securityratty.com/article/20bc317bf017dd20ebd3bb5ebec5b01a http://securityratty.com/article/20bc317bf017dd20ebd3bb5ebec5b01a Just like the situation in the previous case of injecting SEO content into .gov domains, once the pages are up and running, they get actively advertised across the Web, again automatically. While bridger-mt.gov responds to 72.22.69.184, the subdomain freeporn.eee.bridger-mt.gov is pointing to another netblock, in this case 66.49.238.80, exactly the same approach was used in a previous such assessment that was however serving malware to its visitors. Here are some of the very latest such examples listed by directory :

- Cobb County Government - cobbcountyga.gov/css - over 2,240 pages
- Benton Franklin Health District - bfhd.wa.gov/search/templates/dark/.thumbs - 1,200 pages
- Bridger, Montana - freeporn.eee.bridger-mt.gov - 778 pages
- Mid-Region Council of Governments - mrcog-nm.gov/includes/phpmailer/language - 336 pages
- Michigan Senate - senate.michigan.gov/FindYourSenator/top - 26 pages
- Nevada City, California - nevadacityca.gov/postcards - 13 pages
- Brookhaven National Laboratory - pvd.chm.bnl.gov/twiki/pub/Trash/OnlinePharmacy - 12 pages

Who's behind all of these? Checking the outgoing links and verifying the forums the advertisements got posted at could prove informative, but for instance, topsfield-ma.gov/warrant where a single blackhat SEO page was located seems to have been hacked by a turkish defacement group who left the following - "RapciSeLo WaS HeRe !!! OwNz You - For AvciHack.CoM with greets given to "J0k3R inf3RNo ByMs-Dos FuriOuS SSeS UmuT SerSeriiii Ov3R YstanBLue DeHS@ CMD 3RR0R SaNaLBeLa Keyser-SoZe GoLg3 J0k3ReM JackalTR Albay ParS MicroP"
]]> Mon, 18 Feb 2008 12:23:38 +0000 gov pages gov domains bridger gov responds bridger-mt cobb county government freeporn subdomain freeporn The Continuing .Gov Blackat SEO Campaign